server {
    listen 80;
    server_name files.wakuart.com;
    return 301 https://$host$request_uri;  # 强制跳转 HTTPS
}

server {
    listen 443 ssl;
    server_name files.wakuart.com;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/files.wakuart.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/files.wakuart.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


    # 下载优化配置
    location /downloads {
        alias /var/www/files.wakuart.com/downloads/;
        # 禁用目录列表（安全考虑）
        autoindex on;

        # 设置正确的文件类型头
        # default_type application/octet-stream;

        # 对大文件下载优化
        # aio on;
        # directio 512;
        # sendfile on;       # 启用高效文件传输（默认已开启）
        # tcp_nopush on;     # 优化数据包发送
        # 限制下载速度（可选）
        # limit_rate_after 10m;  # 前10MB不限速
        # limit_rate 100k;       # 之后限速100KB/s
        # output_buffers 1 128k;

        # 允许跨域访问（按需启用）
        # add_header Access-Control-Allow-Origin *;

        # 文件缓存控制（示例：1小时）
        # expires 1h;
        # add_header Cache-Control "public";
        add_header Content-Disposition 'attachment; filename="$1"';

        # 限制访问（可选：HTTP Basic Auth）
        # auth_basic "Restricted";
        # auth_basic_user_file /etc/nginx/.htpasswd;
    }

    # 安全增强
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";

    # 日志配置
    access_log /var/log/nginx/files.wakuart.com.access.log;
    error_log /var/log/nginx/files.wakuart.com.error.log;
}
